What is Root Certificate in SSL?

Wednesday, January 20, 2016

In every Secure Socket Layer (SSL) certificate, there is a certification path that dictates the source of the digital certificate and this can ultimately be traced to a root certificate. Certification path depends on the Certificate Authority (CA) you previously acquired the certificate from, with each CA having their own list of Root certificates used as a trusted anchor for issuing their own brand digital certificates.

The Structure of a (plant) root to explain the similarities with Root Certificates

SSL certificates rely on the ‘chain of trust’ concept where the Online Certificate Status Protocol (OCSP) validates a certificate by looking up the chain of trust in a CA. If an intermediate certificate is not recognised, OCSP will move on to the next step of looking up the root certificate. Only once looking up both the intermediate and root certificates, will a secure connection be made between a server and a client. From here, sharing of confidential and private information is made.

Every CA has their own list of root certificates. For DigiCert, the list of root certificates are listed below (as of 20 Jan 2016):

Baltimore CyberTrust Root

DigiCert Assured ID Root CA

DigiCert Assured ID Root G2

DigiCert Assured ID Root G3

DigiCert Federated ID Root CA

DigiCert Global Root CA

DigiCert Global Root G2

DigiCert Global Root G3

DigiCert High Assurance EV Root CA

DigiCert Private Services Root

DigiCert Trusted Root G4

GTE CyberTrust Global Root

Verizon Global Root CA

For the full list of DigiCert Root & Intermediate certificates, click here.

How to find the Root Certificate in Your SSL

The root certificate can be uncovered by looking up the certification path in an SSL certificate. This digital certificate is publicly available when clicked on the green padlock icon on the green address bar.

Ensure Root Certificates are Compatible

It is important that the SSL certificate installed is recognised by most platforms to ensure a secure and encrypted connection throughout private sessions. In fact, DigiCert Root Certificates are among the most widely trusted authority certificates in the world where all common web browsers, devices and mail clients automatically recognises. In addition, OCSP response time are the fastest amongst CAs.